15bb24b9cdb03f0d871e78240cebbd2ad54f645e5d70ceec550ca569d38a58af

Analysis

max time kernel
194s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 13:43

Target

7313496aeab4b77bfb70b617741e546d.exe
Size

811KB
MD5

7313496aeab4b77bfb70b617741e546d
SHA1

b4eb2d7b9f4d887299907a2d30f8806d798fee98
SHA256

15bb24b9cdb03f0d871e78240cebbd2ad54f645e5d70ceec550ca569d38a58af
SHA512

027d9e71a4b63f3181b192e4dd8fbf115d5a4d768d3fabd6c7dd82e8d2f57f41f5c9459fbf6962674dfb6d9e88b269bf774227160a40cf86563e590c1bd024c2
SSDEEP

12288:IQiGgjmP0QzEefMpr0MrmOm3kIswJ9P7HBmsGqvaF1Y3QOlKhC2Iqjzva6WXd553:IQiBiLIfp0Z3BswvP7HBrFvHRsItF

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2572	7313496aeab4b77bfb70b617741e546d.tmp

Loads dropped DLL 5 IoCs

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	4	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	5	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2572	7313496aeab4b77bfb70b617741e546d.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28
PID 2756 wrote to memory of 2572	2756	7313496aeab4b77bfb70b617741e546d.exe	28

memory/2572-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2572-16-0x00000000008B0000-0x00000000008EC000-memory.dmp

Filesize
240KB

Download
memory/2572-20-0x0000000000670000-0x0000000000685000-memory.dmp

Filesize
84KB

Download
memory/2572-30-0x0000000000670000-0x0000000000685000-memory.dmp

Filesize
84KB

Download
memory/2572-29-0x00000000008B0000-0x00000000008EC000-memory.dmp

Filesize
240KB

Download
memory/2572-28-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2572-35-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2756-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2756-27-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download